/*
 * Copyright (c) 2013 Andaily Information Technology Co. Ltd
 * www.andaily.com
 * All rights reserved.
 *
 * This software is the confidential and proprietary information of
 * Andaily Information Technology Co. Ltd ("Confidential Information").
 * You shall not disclose such Confidential Information and shall use
 * it only in accordance with the terms of the license agreement you
 * entered into with Andaily Information Technology Co. Ltd.
 */
package top.suven.http.oauth.validator;

import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;

/**
 * response_type=token
 * 2018-08-01
 * <p/>
 *  OauthAccessToken 信息
 * 定义OAuth2 的客户端(client details)
 *  grant_type="authorization_code"
 *  DBTable: oauth_client_details
 *
 * @author suven.wang
 */

/**
 *  grant_type="implicit"   -> response_type="token"
 *  ?response_type=token&scope=read,write&client_id=[client_id]&client_secret=[client_secret]&redirect_uri=[redirect_uri]
 **/

public class ResponseTypeTokenValidator extends AbstractOAuthResponseTypeValidator {



    private final boolean validateClientSecret;


    /**
     * Create an OAuth Token request from a given HttpSerlvetRequest
     *
     * @param request the httpservletrequest that is validated and transformed into the OAuth Token Request
     * @throws org.apache.oltu.oauth2.common.exception.OAuthSystemException  if an unexpected exception was thrown
     * @throws org.apache.oltu.oauth2.common.exception.OAuthProblemException if the request was not a valid Token request this exception is thrown.
     */
    public ResponseTypeTokenValidator(OAuthAuthzRequest request) {
        this(request, true);
    }

    public ResponseTypeTokenValidator(OAuthAuthzRequest request, boolean validateClientSecret) {
        super(request);
        this.validateClientSecret = validateClientSecret;
    }

    /*
     * grant_type="implicit"   -> response_type="token"
     * ?response_type=token&scope=read,write&client_id=[client_id]&client_secret=[client_secret]&redirect_uri=[redirect_uri]
    * */
    @Override
    public boolean validateSelf() throws OAuthSystemException {

        // 前4点 基于token 验证于AbstractOauthTokenValidator 抽象
        if(!this.validateResponseType()){
            return false;
        }
        if(!this.validateClientSecret()){
            return false;
        }
        if( ! this.validateScope()){
            return false;
        }
        if(!this.validateRedirectUri()){
            return false;
        }
        return true;
    }


}
